One of the questions we’ve most commonly been asked in recent months is “does the GDPR mean we have to get fresh consents from our entire marketing database?” In many (indeed, perhaps most) cases, the answer is “no” – though the explanation for this is not all that straightforward, and so the confusion here is easy to understand.
Internet Newsletter for Lawyers
Edited by Nick Holmes and Delia Venables
Articles filed under Data protection
To date, the main legacy of the Brexit referendum of 2016 appears to be a country split in half: some badly wish the UK would continue to be a member of the EU and some are equally keen on making a move. Yet, there seems to be at least one thing on which Remainers and Leavers will agree: nobody knows exactly what is going to happen. The same is true of the effect of Brexit on UK data protection. However, as Brexit day approaches, it is becoming imperative for those with responsibility for data protection compliance to make some crucial strategic decisions. To help with that process, here are some pointers about what we know and what we don’t know.
The General Data Protection Regulation (GDPR) comes into effect in 25 May 2018. It replaces the Data Protection Directive (implemented in the UK as the Data Protection Act 1998). This document addresses GDPR with the narrow focus of websites. For a broader discussion on the impact of GDPR on law firms, you might like to start with this article from the Law Society.
“So, have I missed the boat to get ready for the GDPR?” “Will I get fined for not being fully up to speed?” “What is the worst thing that can happen if I am not complying by May 2018?” These are some of the most frequently asked questions currently accompanying the efforts (or lack of them) to prepare for the GDPR.
The GDPR is an ambitious, complex and strict law that will transform the way personal information is collected, shared and used globally. The organisational changes required to comply with this framework will be substantial and the potential consequences of not doing things properly can be severe. Therefore, it is not surprising that the climate around the GDPR and its compliance requirements is one of panic.
After all of the 2016 drama, the start of a brand new year is a welcome development in itself – a clean sheet for a script yet to be written. However, 2017 will not be without challenges and the same applies to the world of privacy and data protection. Many of the big issues that arose during 2016 will need to be addressed in 2017. New questions will no doubt emerge.
This article considers two recent developments relating to data protection and trade secrets: two sides of the same coin perhaps.
Towards the end of 2015, the EU institutions reached agreement on a new General Data Protection Regulation (GDPR) which will replace the 1995 Data Protection Directive, seeking to implement a stricter and more harmonised data privacy regime. The new GDPR, which was published in the Official Journal of the European Union on 4 May 2016 and is expected to come into force on 25 May 2018, is considered to be one of the most comprehensive overhauls of EU privacy legislation.
For decades, overcoming the limitations of European data protection law to transfer personal data to countries outside the European Union has been a compliance priority for organisations operating internationally. Global data flows are part of the fabric of modern communications and everyday commercial and social interactions. This is especially true of the transatlantic relations between the European Union and the United States. However, countries such as the US that approach the regulation of personal data privacy from a different perspective than countries in Europe face a tough challenge when trying to demonstrate an adequate level of protection according to the European standard.
On 6 October 2015, the Court of Justice of the European Union (CJEU) declared the EU–US Safe Harbor framework invalid as a mechanism to legitimise transfers of personal data from the EU to the US. This decision effectively leaves any organisation that relied on Safe Harbor exposed to claims that such data transfers are unlawful and could have serious implications for transfers of personal data both within multinationals and to global service providers.
Safe Harbor was jointly devised by the European Commission and the US Department of Commerce as a framework that would allow US-based organisations to overcome the restrictions on transfers of personal data from the EU. However, since its adoption, Safe Harbor was fraught with challenges. Although the data protection requirements set out in the Safe Harbor Privacy Principles were meant to match the standards of protection of European law, its self-certification nature and the non-European style of its provisions have attracted much criticism over the years. In particular, the revelations triggered by Edward Snowden in 2013 about the US intelligence surveillance operations led the European Parliament to adopt a resolution seeking its immediate suspension. The European Commission had no choice but to reopen the dialogue with the US government to find a way of strengthening the framework and restoring its credibility.
Ireland’s first dedicated Data Privacy Law app has been launched by leading Irish firm A&L Goodbody. The Irish Data Protection Commissioner supports this useful tool as it is aimed at senior management, privacy law professionals and in-house lawyers who need to respond to an increasing number of data protection requirements and challenges that data security […]
A key functionality of social networking services is the ability of the user to “import” the contact details of existing friends and acquaintances. This functionality is a simple technological solution that relies on the sharing of personal information – which is what online networking is all about – so it is essential to know how to make the most of it in a non-intrusive and responsible way.
- Developments in ODR and the online court
- Re-consenting to marketing under GDPR?
- IT and practice management for chambers
- Cryptocurrencies explained
- When and how to use 301 redirects
- Algorithms in law
- Online justice news
- The Law Society Guide to Good Practice
- Automated Intelligence – a strategy that delivers tangible business benefits today
- 7 steps to mitigating risk and reducing your law firm’s professional indemnity premium
- Latest articles feed
- PDFs of the Newsletter
- Legal Web Watch